package io.gravitee.am.factor.email.provider;

import io.gravitee.am.factor.api.Enrollment;
import io.gravitee.am.factor.api.FactorContext;
import io.gravitee.am.factor.api.OTPFactorProvider;
import io.gravitee.am.factor.email.EmailFactorConfiguration;
import io.gravitee.am.factor.utils.SharedSecret;
import io.gravitee.am.gateway.handler.common.email.EmailService;
import io.gravitee.am.gateway.handler.manager.resource.ResourceManager;
import io.gravitee.am.gateway.handler.root.service.user.UserService;
import io.gravitee.am.identityprovider.api.DefaultUser;
import io.gravitee.am.model.Template;
import io.gravitee.am.model.factor.EnrolledFactor;
import io.gravitee.am.model.factor.EnrolledFactorChannel;
import io.gravitee.am.model.factor.EnrolledFactorSecurity;
import io.gravitee.am.repository.exceptions.TechnicalException;
import io.gravitee.am.resource.api.ResourceProvider;
import io.gravitee.am.resource.api.email.EmailSenderProvider;
import io.gravitee.am.service.utils.UserProfileUtils;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.Single;
import jakarta.mail.internet.AddressException;
import jakarta.mail.internet.InternetAddress;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:io/gravitee/am/factor/email/provider/EmailFactorProvider.class */
/**
 * Multi-factor provider that delivers a one-time code to the user by email.
 *
 * <p>Code generation, verification and counter handling are not implemented here: they are
 * delegated to the inherited {@code generateOTP}, {@code verifyOTP} and
 * {@code incrementMovingFactor} methods. This class only wires the enrolled factor, the
 * configured number of digits and the email sender resource together.
 */
public class EmailFactorProvider extends OTPFactorProvider {
    private static final Logger logger = LoggerFactory.getLogger(EmailFactorProvider.class);

    /** Key under which the enrolled factor is stored in the {@link FactorContext}. */
    private static final String CTX_ENROLLED_FACTOR = "enrolledFactor";

    /** Key of the epoch-millisecond expiry kept in the enrolled factor's security data. */
    private static final String SEC_EXPIRATION_EPOCH = "EXPIRATION_EPOCH";

    @Autowired
    private EmailFactorConfiguration configuration;

    /**
     * Checks the code submitted by the user against the enrolled factor.
     *
     * <p>Only the enrolled factor, the configured digit count and the submitted code are handed
     * to {@code verifyOTP}; no expiry comparison is done in this method.
     * NOTE(review): whether {@code EXPIRATION_EPOCH} is enforced at verification time depends on
     * {@code verifyOTP}, which is not visible in this file - confirm.
     *
     * @param factorContext context carrying the {@code "enrolledFactor"} and {@code "code"} entries
     * @return the result of the inherited {@code verifyOTP}
     */
    public Completable verify(FactorContext factorContext) {
        final EnrolledFactor enrolledFactor = (EnrolledFactor) factorContext.getData(CTX_ENROLLED_FACTOR, EnrolledFactor.class);
        final int digits = this.configuration.getReturnDigits();
        final String submittedCode = (String) factorContext.getData("code", String.class);
        return verifyOTP(enrolledFactor, digits, submittedCode);
    }

    /**
     * Starts an enrollment by generating a new shared secret.
     *
     * @param str not read by this implementation
     * @return a {@link Single} that creates the {@link Enrollment} lazily, on subscription
     */
    public Single<Enrollment> enroll(String str) {
        return Single.fromCallable(() -> new Enrollment(SharedSecret.generate()));
    }

    /**
     * Validates that an enrolled factor carries a shared secret and a well-formed email address.
     *
     * <p>The address check is syntactic only ({@link InternetAddress#validate()}); it says nothing
     * about who controls the mailbox.
     *
     * @param enrolledFactor the factor to inspect, may be {@code null}
     * @return {@code true} only when the secret is present and the address validates
     */
    public boolean checkSecurityFactor(EnrolledFactor enrolledFactor) {
        if (enrolledFactor == null) {
            return false;
        }

        final EnrolledFactorSecurity security = enrolledFactor.getSecurity();
        if (security == null || security.getValue() == null) {
            logger.warn("No shared secret in form");
            return false;
        }

        final EnrolledFactorChannel channel = enrolledFactor.getChannel();
        if (channel == null || channel.getTarget() == null) {
            logger.warn("No email address in form");
            return false;
        }

        try {
            new InternetAddress(channel.getTarget()).validate();
            return true;
        } catch (AddressException invalidAddress) {
            // The exception is logged in full; it may carry the submitted address.
            logger.warn("Email address is invalid", invalidAddress);
            return false;
        }
    }

    /**
     * Tells the caller that this factor needs a challenge to be sent before verification.
     *
     * @return always {@code true}
     */
    public boolean needChallengeSending() {
        return true;
    }

    /**
     * Sends the one-time code through the email resource named in the configuration.
     *
     * @param factorContext context carrying the enrolled factor and the {@link ResourceManager}
     * @return the sending pipeline, or an errored {@link Completable} wrapping a
     *         {@link TechnicalException} when the configured resource is not an
     *         {@link EmailSenderProvider}
     */
    public Completable sendChallenge(FactorContext factorContext) {
        final EnrolledFactor enrolledFactor = (EnrolledFactor) factorContext.getData(CTX_ENROLLED_FACTOR, EnrolledFactor.class);
        final ResourceManager resourceManager = (ResourceManager) factorContext.getComponent(ResourceManager.class);
        final ResourceProvider resourceProvider = resourceManager.getResourceProvider(this.configuration.getGraviteeResource());

        if (!(resourceProvider instanceof EmailSenderProvider)) {
            return Completable.error(new TechnicalException("Resource referenced can't be used for MultiFactor Authentication with type EMAIL"));
        }
        return generateCodeAndSendEmail(factorContext, (EmailSenderProvider) resourceProvider, enrolledFactor);
    }

    /**
     * Generates the code, renders the MFA challenge email and sends it, then stores the new expiry.
     *
     * <p>The moving factor is advanced only when a previously stored {@code EXPIRATION_EPOCH} lies
     * in the past. A challenge requested before that instant is generated without advancing it.
     * NOTE(review): this presumably means the same code is sent again inside the validity window;
     * that depends on {@code generateOTP}, which is not visible here - confirm.
     *
     * <p>The generated code is placed in the template values and is never written to the log; only
     * the digit count is logged at debug level.
     *
     * <p>Every failure inside the {@code try} is logged and turned into an errored
     * {@link Completable} with a generic message, without the cause attached. The catch-all branch
     * also covers failures unrelated to templating, for example a missing security or channel
     * object on the enrolled factor, so its log message should not be read literally.
     *
     * @param factorContext       context giving access to services, client, user and template values
     * @param emailSenderProvider resource used to deliver the message
     * @param enrolledFactor      factor whose secret, channel target and expiry are used
     * @return a pipeline that sends the message and, once sending completes, persists the factor
     *         with its updated expiry
     */
    private Completable generateCodeAndSendEmail(FactorContext factorContext, EmailSenderProvider emailSenderProvider, EnrolledFactor enrolledFactor) {
        final int digits = this.configuration.getReturnDigits();
        logger.debug("Generating factor code of {} digits", digits);
        try {
            final UserService userService = (UserService) factorContext.getComponent(UserService.class);
            final EmailService emailService = (EmailService) factorContext.getComponent(EmailService.class);

            // Advance the counter only once the previously issued code is past its expiry.
            final Long previousExpiry = (Long) enrolledFactor.getSecurity().getData(SEC_EXPIRATION_EPOCH, Long.class);
            final boolean previousCodeExpired = previousExpiry != null
                    && Instant.now().isAfter(Instant.ofEpochMilli(previousExpiry.longValue()));
            if (previousCodeExpired) {
                incrementMovingFactor(enrolledFactor);
            }

            final Map templateValues = factorContext.getTemplateValues();
            templateValues.put("code", generateOTP(enrolledFactor, digits));

            final String recipient = enrolledFactor.getChannel().getTarget();
            final EmailService.EmailWrapper email = emailService.createEmail(
                    Template.MFA_CHALLENGE,
                    factorContext.getClient(),
                    Arrays.asList(recipient),
                    templateValues,
                    UserProfileUtils.preferredLanguage(factorContext.getUser(), Locale.ENGLISH));

            final Completable delivery = emailSenderProvider.sendMessage(email.getEmail(), email.isFromDefaultTemplate());

            // The expiry is written and the factor saved only after the message has been sent.
            return delivery.andThen(
                    Single.just(enrolledFactor)
                            .flatMap(factor -> {
                                factor.getSecurity().putData(SEC_EXPIRATION_EPOCH, Long.valueOf(email.getExpireAt()));
                                return userService.addFactor(factorContext.getUser().getId(), factor, new DefaultUser(factorContext.getUser()));
                            })
                            .ignoreElement());
        } catch (InvalidKeyException | NoSuchAlgorithmException cryptoFailure) {
            logger.error("Code generation fails", cryptoFailure);
            return Completable.error(new TechnicalException("Code can't be sent"));
        } catch (Exception otherFailure) {
            logger.error("Email templating fails", otherFailure);
            return Completable.error(new TechnicalException("Email can't be sent"));
        }
    }
}
